[C Bindings] open remote connection fails with CA certificates on Android

Question

[C Bindings] open remote connection fails with CA certificates on Android

ospfranco opened this issue a month ago · comments

Oscar Franco commented a month ago

I seem to have hit this issue:

rustls/hyper-rustls#187

Here a user tried to connect to a turso remote database on Android:

OP-Engineering/op-sqlite#102 (comment)

The proposed solution is using a different API which has been made available only on Rust:

#789

On rust the open_remote_with_connector function has been exposed, which does not use root certificates but webpki. I guess I would also need the same function exposed to the C bindings.

Piotr Jastrzębski · Answer 1 · Sat Jun 01 2024 19:25:16 GMT+0800 (China Standard Time)

This is what you have to do to get this working on Android:

let https = hyper_rustls::HttpsConnectorBuilder::new()
                    .with_webpki_roots()
                    .https_or_http()
                    .enable_http1()
                    .build();
            Builder::new_remote_replica(db_file, url, auth_token)
                    .connector(https)
                    .build()
                    .await

Piotr Jastrzębski · Answer 2 · Sat Jun 01 2024 19:26:22 GMT+0800 (China Standard Time)

I guess I could expose a new C function just for Android that would do the above internally.

Piotr Jastrzębski · Answer 3 · Sat Jun 01 2024 20:12:52 GMT+0800 (China Standard Time)

You should be able to use libql_open_sync_with_webpki and libsql_open_remote_with_webpki introduced in #1433

Oscar Franco · Answer 4 · Sat Jun 01 2024 23:44:09 GMT+0800 (China Standard Time)

awesome. thanks!